Extracting source addresses from incoming packets and storing them together with associated information within an address forwarding table is a widespread technique, well known as self-learning in local area networks. The most widespread standard for local area networks is the Ethernet standard, wherein the source addresses are denoted as MAC addresses. The self-learning technique allows for easy forwarding of data packets through and by local area network switches, without the need to store significant routing tables. Indeed, upon arrival of a new packet, the source address, as well as related associated information such as the link via which the packet is received and the internal switch port on which the packet was received, will be stored in a so-called address forwarding table.
Ethernet switches having at least two interfaces, comprising at least a user interface and a network interface, exist today, and can be found in access networks such as DSL access networks, passive optical access networks, cable access networks etc. In these particular local area network switches, a user interface serves to receive and transmit packets from and to end-users via a local area home network, and at the other side, a network interface serves to receive and transmit packets from and to servers and routers via, for instance, an Ethernet metropolitan local area network. Also in these local area network switches having a user and a network interface, self-learning is common practice. Thus, also in these local area network switches, each time a new packet arrives from either interface, the source address information is extracted and added to the forwarding table. In case the source address was already present in this table, its associated information will be overwritten with the new associated information.
Such classical self-learning Ethernet switches are, however, prone to address spoofing, by which term is meant that one user “steals” the address of another user or server and uses it as its own address by putting it as the source address in the packets it sends. The Ethernet switch will then add this information, or overwrite the already present correct information with that of the malicious user, causing a lot of trouble for other users and for the Ethernet switch itself.
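
The learning rule and the overwrite behaviour described above, as an added example that is not part of the original text: a minimal model of the address forwarding table that logs every overwrite changing an entry, so the effect of a reused source address becomes visible. The class, field names, addresses and the network-to-user check are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    link: str   # link via which the packet was received ("user" or "network")
    port: int   # internal switch port on which the packet was received

class LearningSwitch:
    """Classical self-learning table: the last packet seen for an address wins."""

    def __init__(self):
        self.table = {}   # source MAC address -> Entry
        self.moves = []   # (mac, old Entry, new Entry) for each overwrite that changed an entry

    def receive(self, src, dst, link, port):
        new = Entry(link, port)
        old = self.table.get(src)
        if old is not None and old != new:
            self.moves.append((src, old, new))   # audit trail; classical switches keep none
        self.table[src] = new                    # learn or overwrite, unconditionally
        return self.table.get(dst)               # None means the destination is still unknown

    def network_to_user_moves(self):
        # Assumed check: an address first learned on the network interface
        # (servers, routers) later re-learned on a user interface.
        return [m for m in self.moves if m[1].link == "network" and m[2].link == "user"]

# Constructed sample addresses (locally administered range).
SERVER = "02:00:00:00:00:01"
USER_A = "02:00:00:00:00:0a"

def demo():
    sw = LearningSwitch()
    sw.receive(SERVER, USER_A, "network", 0)          # server learned on the network interface
    before = sw.receive(USER_A, SERVER, "user", 1)    # user A's traffic resolves to the server
    sw.receive(SERVER, USER_A, "user", 2)             # same source address arrives on a user port
    after = sw.receive(USER_A, SERVER, "user", 1)     # user A's traffic now resolves to port 2
    return before, after, sw.network_to_user_moves()

if __name__ == "__main__":
    before, after, flagged = demo()
    print("before:", before)
    print("after: ", after)
    print("flagged moves:", flagged)
```
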
A method for securing communication that tries to overcome these problems of malicious use in Ethernet switches is disclosed in the published U.S. patent application 2002/0010869. This prior art document describes a MAC address-based communication restricting method, wherein it is determined whether access vectors of a received MAC address are present in an address entry table. If present, a comparison takes place between security keys stored in the form of access vectors, namely between those of the MAC destination address and those of the source address. If these do not match, access is denied.
This prior art method therefore requires these security keys to be first configured and stored within a so-called “Hacker table”. This table is to be pre-configured to store the security keys. However, this method is rather complex and requires the intervention of an operator who has to build up this Hacker table.